Date: Mon, 02 Apr 2012 11:45:12 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Filippo Cavallarin <filippo.cavallarin@...seq.it>
Subject: Re: CVE request: OSClass directory traversal vulnerability

On 04/02/2012 10:42 AM, Filippo Cavallarin wrote:
> On 2 Apr 2012, at 5:53 PM, Kurt Seifried wrote:
> 
>> On 04/02/2012 01:59 AM, Filippo Cavallarin wrote:
>>> Hello,
>>> Can I get a CVE identifier for this issue:
>>>
>>> http://www.codseq.it/advisories/osclass_directory_traversal_vulnerability
>>>
>>> Thanks
>>>
>>> Filippo Cavallarin
>>>
>>>
>>> C o d S e q
>>> Development with an eye on security
>>> ------------------------------------------------------------------------
>>> Castello 2005, 30122 Venezia
>>> Tel: 041 88 761 58 - Fax: 041 81 064 714 - Cell: 346 66 93 254
>>> c.f. CVLFPP82B27L736J - p.iva 03737650279
>>> http://www.codseq.it - filippo.cavallarin@...seq.it
>>>
>>
>> Please provide links to the original vendor advisory/ChangeLog/commits/etc.
>>
>> -- 
>> Kurt Seifried Red Hat Security Response Team (SRT)
> 
> 
> The changelog can be found here 
> 
> http://osclass.org/blog/
> 
> Filippo Cavallarin

The actual blog entry: http://osclass.org/blog/2012/03/05/osclass-2-3-6/

doesn't mention anything about directory traversal. Do you have a link
on their site, or the commit showing the problem or the fix?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
